Last updated: May 2026

Privacy Policy

1. Who We Are

SemanticGuard is operated by KB-AI LLC. This policy explains how we handle data when you use the SemanticGuard AI gateway service.

2. Data We Collect

  • Usage metrics: token counts, latency, cost estimates, cache hit/miss ratios, and model identifiers. These are always collected for analytics.
  • Prompts and responses:only stored if you explicitly enable the "Store Prompts" setting. When disabled, we log request metadata (model, cost, cache status) but never store prompt or response content. You can also disable tracing entirely.
  • API key hashes: we store a one-way hash of your upstream API key for identification and rate limiting. We never store your API key in plaintext.
  • Account information: email address and authentication credentials when you create a SemanticGuard account.

3. Auxiliary LLM Calls

SemanticGuard makes auxiliary LLM calls to extract response templates for entity substitution (used in semantic caching). These calls are important to understand:

  • Auxiliary calls are routed through your own API key to the same vendor you are already using. We never send your prompts to a different vendor.
  • We use the cheapest available model from that vendor for these verification requests (e.g., Claude Haiku for Anthropic, GPT-4o-mini for OpenAI, Gemini Flash for Google).
  • Your prompts and data stay with your chosen vendor and are subject to that vendor's own privacy policy and data handling terms.
  • These auxiliary calls are billed to your account by the upstream provider. The cost is typically negligible compared to the savings from caching.

4. Data Storage

Your data is stored across the following services:

  • Postgres (Neon): usage analytics and request metadata. Prompt and response content is only stored when you opt in via the Store Prompts setting.
  • Upstash Vector: embeddings of prompt skeletons (with entities removed) used for semantic similarity matching.
  • Upstash Redis: cached responses and operational data for fast retrieval.

All storage runs on your own infrastructure or on managed services that you provision. SemanticGuard does not maintain a centralized data store that aggregates data across customers.

5. Data Retention

Request trace retention is configurable via the trace_retention_days setting (default: 30 days). You can adjust this at any time from the Settings page. When the retention period expires, request traces and associated data are automatically purged.

Cached responses are retained according to the cache TTL setting (default: 1 hour). Cache entries expire automatically and can also be cleared manually at any time from the Cache Contents page.

6. What We Do Not Do

  • We do not sell your data to third parties.
  • We do not use your prompts, responses, or any user content to train machine learning models.
  • We do not share your data with other SemanticGuard customers.

7. Your Rights

You have the following rights regarding your personal data:

  • Right to access: You can export all of your data at any time from the Settings page in the dashboard.
  • Right to deletion: You can delete your account and all associated data from the Settings page. This action is permanent and cannot be undone.
  • Right to rectification: You can update your account information at any time through the dashboard.
  • Right to data portability: Your data export is provided in a machine-readable JSON format that you can use to transfer your data to another service.
  • Right to opt out of data collection:You can disable the "Store Prompts" toggle to stop storing prompt and response content, and disable the "Request Tracing" toggle to stop logging requests entirely.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell your personal information to third parties.

How to Exercise Your Rights

You can exercise most of these rights directly from the Settings page in your dashboard. You may also contact us at legal@kb-ai.com for any data rights requests. We will respond to all requests within 30 days.

8. Contact

For privacy-related questions or requests, contact us at legal@kb-ai.com.